Giovanni Buttarelli

Giovanni Buttarelli

ABOUT

Mr. Giovanni Buttarelli (1957) has been appointment European Data Protection Supervisor since 4 December 2014 by a joint decision of the European Parliament and the Council for a term of five years.

Before joining the EDPS, he worked as Secretary General to the Italian Data Protection Authority, a position he occupied between 1997 and 2009. A member of the Italian judiciary with the rank of Cassation judge, he has attended to many initiatives and committees on data protection and related issues at international level.

The experience on data protection includes the participation in many bodies at European Union level (including Art. 31 Committee of Directive n. 95/46/EC and Taiex programs), and at the Council of Europe (in particular, also as a consultant, T‐PD; CJ‐PD, DH‐S‐Ac, Venice Commission), as well as the contribution to many hearings, meetings and workshops held also by Parliaments and to specialized book journals and papers.

He currently teaches on privacy at the Luiss University, Rome.

Special: Putting privacy and data security at the heart of 5G

Abstract: Praised for being able to determine a good form of disruptive changes for society such as higher connectivity penetration and reduction in energy consumption, 5G technology has also the potential to place some fundamental rights and values, such as the right to privacy and the right to data protection, under substantive strains.

Examples are the accuracy of location data detection and the risk of physical tracking, particularly evident in the IoT environment that, inter alia, 5G aims to underpin. Additional challenges stem from the need to preserve the confidentiality of private communications and the whole set of values and rights when confronted with non-EU players and architectures.

Any forward-looking solutions in this area should be inspired by: 1) Privacy by design: designing systems and processes specificities should be performed with privacy and respect of people ‘rights at its heart; 2) Accountability, as the key disruptive element in GDPR, which means, above other things, “practice what you preach”; 3) By default high levels of privacy protection and safeguards such as encryption on a larger and more robust scale.

The debate should expand so as to include a reflection on developing business models which can resist a test of” ethical sustainability” , possibly within a less and centralised concentrated ecosystem.